DETAILED ACTION 

This is in response to Application/Control Number: 10/527758 filed on Sep. 12, 2003 in 
which claims 1-30 are presented for examination. 
Status of Claims: 

Claims 1-30 are pending, of which claim 1, 14, 15, 20, 26-30 are in independent form. 
Claims 1-30 are rejected under 35 U.S.C. 103(b). 

Drawings 

1. The drawings are objected to under 37 CFR 1.83(a) because they fail to show 22 
as described in paragraph [0020] line 4 of the specification. Any structural detail that is 
essential for a proper understanding of the disclosed invention should be shown in the 
drawing. MPEP § 608.02(d). Corrected drawing sheets in compliance with 37 CFR 
1.121(d) are required in reply to the Office action to avoid abandonment of the 
application. Any amended replacement drawing sheet should include all of the figures 
appearing on the immediate prior version of the sheet, even if only one figure is being 
amended. The figure or figure number of an amended drawing should not be labeled as 
"amended." If a drawing figure is to be canceled, the appropriate figure must be 
removed from the replacement sheet, and where necessary, the remaining figures must 
be renumbered and appropriate changes made to the brief description of the several 
views of the drawings for consistency. Additional replacement sheets may be necessary 
to show the renumbering of the remaining figures. Each drawing sheet submitted after 
the filing date of an application must be labeled in the top margin as either 
"Replacement Sheet" or "New Sheet" pursuant to 37 CFR 1.121(d). If the changes are 
not accepted by the examiner, the applicant will be notified and informed of any required 
corrective action in the next Office action. The objection to the drawings will not be held 
in abeyance. 

2. The drawings are objected to under 37 CFR 1.83(a) because they fail to show 52 
as described in paragraph [0035] line 7 of the specification. Any structural detail that is 
essential for a proper understanding of the disclosed invention should be shown in the 
drawing. MPEP § 608.02(d). Corrected drawing sheets in compliance with 37 CFR 
1.121(d) are required in reply to the Office action to avoid abandonment of the 
application. Any amended replacement drawing sheet should include all of the figures 
appearing on the immediate prior version of the sheet, even if only one figure is being 
amended. The figure or figure number of an amended drawing should not be labeled as 
"amended." If a drawing figure is to be canceled, the appropriate figure must be 
removed from the replacement sheet, and where necessary, the remaining figures must 
be renumbered and appropriate changes made to the brief description of the several 
views of the drawings for consistency. Additional replacement sheets may be necessary 
to show the renumbering of the remaining figures. Each drawing sheet submitted after 
the filing date of an application must be labeled in the top margin as either 
"Replacement Sheet" or "New Sheet" pursuant to 37 CFR 1.121(d). If the changes are 
not accepted by the examiner, the applicant will be notified and informed of any required 
corrective action in the next Office action. The objection to the drawings will not be held 
in abeyance. 

3. The drawings are objected to as failing to comply with 37 CFR 1.84(p)(4) 
because reference character "20" has been used to designate both "Cookie" and "Host; 
Connection" in Figure 1A. Corrected drawing sheets in compliance with 37 CFR 
1.121(d) are required in reply to the Office action to avoid abandonment of the 
application. Any amended replacement drawing sheet should include all of the figures 
appearing on the immediate prior version of the sheet, even if only one figure is being 
amended. Each drawing sheet submitted after the filing date of an application must be 
labeled in the top margin as either "Replacement Sheet" or "New Sheet" pursuant to 37 
CFR 1.121(d). If the changes are not accepted by the examiner, the applicant will be 
notified and informed of any required corrective action in the next Office action. The 
objection to the drawings will not be held in abeyance. 

Specification 

4. The disclosure is objected to because of the following informalities: Paragraph 
[0022] line 3 of the Specification recites which appears to be a mislabeling for 16'. 

Appropriate correction is required. 

5. The disclosure is objected to because of the following informalities: Paragraph 
[0024] line 2 of the Specification recites tSa" which appears to be a mislabeling for 
18a'". 

Appropriate correction is required. 



Claim Objections 



Application/Control Number: 10/527,758 Page 5 

Art Unit: 4133 

6. Claim 15, an independent claim, recites "A method of screening for illegitimate 
Hypertext Transfer Protocol (TP) ..." which appears to be a misstatement for "A method 
of screening for illegitimate Hypertext Transfer Protocol (HTTP) 

Appropriate correction is required. 

Claim Rejections - 35 USC § 102 

7. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

8. Claims 1-30 are rejected under 35 U.S.C. 102(b) as being anticipated by Green, 
and Jensen, Patent No.: 5,913,024; Date of Patent: Jun. 15, 1999 hereinafter Green. 

As to claim 1, the following is taught: "A method of screening for illegitimate 
requests to a computer application (Green: column 1, lines 6-9; column 2, lines 42-51; 
column 8, line 66 to column 9, line 4; column 14, lines 37-39), comprising: 

screening a request with a rule having at least one of an existential condition; a 
statistical condition, and a complex universal condition (Green: types of conditions 
disclosed in column 4, line 62 to column 5, line 37; enforcement or rules for types 
disclosed in column 2, lines 53-67; column 9, lines 2-34)." 

As to claim 2, the following is taught: "The method of claim 1 wherein screening 
with said rule is triggered by said request being of a certain type (Green: column 9, lines 
26-28)." 

As to claim 3, the following is taught: "The method of claim 2 wherein said rule 
has a plurality of conditions and wherein said plurality of conditions are triggered by said 
request being of said certain type (Green: column 7, line 57 to column 8, line 16; column 
12 line 63 to column 13 line 15)." 

As to claim 4, the following is taught: "The method of claim 3 wherein said 
certain type is a certain type of universal resource identifier (URI) (Green: column 13, 
lines 16-67; column 26, lines 3-9)." 

As to claim 5, the following is taught: "The method of claim 1 wherein said 
existential condition requires that a specified number of elements of a given type exists 
in said request (Green: column 26, lines 33-36)." 

As to claim 6, the following is taught: "The method of claim 5 wherein said 
elements of a given type are one of Headers; Cookies; Universal Resource Identifier 
(URI) parameters; URI-encoded fields; multi-part encoded fields; Simple Object Access 
Protocol (SOAP) encoded elements (Green: column 25, lines 1-5; column 26, lines 3-9)." 

As to claim 7, the following is taught: "The method of claim 1 wherein said 
existential condition requires that a specified number of elements of a given type with 
a given property exists in said request (Green: column 26, lines 33-36; column 8, lines 
12-16)." 

As to claim 8, the following is taught: "The method of claim 1 wherein said 
complex universal condition requires that a specified proportion of elements of a given 
type exist in said request (Green: column 17, lines 39-51)." 

As to claim 9, the following is taught: "The method of claim 1 wherein said 
statistical condition is based on a statistical measure of a property of elements of a 
certain type in a request (Green: column 17, lines 39-51; column 26, 33-36)." 

As to claim 10, the following is taught: "The method of claim 9 wherein said 
property of elements of a certain type is one of a name or value of said elements of a 
certain type (Green: column 15, lines 25-60)." 

As to claim 11, the following is taught: "The method of claim 1 wherein said 
request is an hypertext transfer protocol (HTTP) request (Green: column 1, lines 6-9; 
column 2, lines 42-51; column 8, line 66 to column 9, line 4; column 14, lines 37-39; 
Green: column 25, lines 1-5)." 

As to claim 12, the following is taught: "The method of claim 11 wherein said rule 
comprises conditions for one or more of the following parts of a request: Headers; 
Cookies; Methods; HTTP versions; Universal Resource Identifier (URI) parameters; 
URI-encoded fields; multi-part encoded fields; Simple Object Access Protocol (SOAP) 
elements (Green: column 25, lines 1-5; column 26, lines 3-9)." 

As to claim 13, the following is taught: "The method of claim 3 wherein said body 
of said request follows Simple Object Access Protocol (SOAP) (Green: column 7, line 
57 to column 8, line 16; column 12 line 63 to column 13 line 15; column 25, lines 1-5; 
column 26, lines 3-9)." 

As to claim 14, the following is taught: "A method of screening for illegitimate 
requests to a computer application, comprising: screening a request with a rule having 
an existential condition (Green: types of conditions disclosed in column 4, line 62 to 
column 5, line 37; enforcement or rules for types disclosed in column 2, lines 53-67; 
column 9, lines 2-34)." 

As to claim 15, the following is taught: "A method of screening for illegitimate 
Hypertext Transfer Protocol (HTTP) requests to a computer application (Green: column 
1, lines 6-9; column 2, lines 42-51; column 8, line 66 to column 9, line 4; column 14, 
lines 37-39; column 25, lines 1-5), comprising: 

screening an HTTP request with a rule, said rule comprising a condition for at 
least one of the following parts of a request: Headers; Cookies; HTTP version 
indicators; Universal Resource Identifier (URI) parameters; URI-encoded fields; multi- 
part encoded fields; Simple Object Access Protocol (SOAP) elements; URI format 
(Green: types of conditions disclosed in column 4, line 62 to column 5, line 37; 
enforcement or rules for types disclosed in column 2, lines 53-67; column 9, lines 2- 
34)." 

As to claim 16, the following is taught: "The method of claim 15 wherein 
screening with said rule is triggered by a URI of said request being of a certain type 
(Green: column 13, lines 16-67; column 26, lines 3-9)." 

As to claim 17, the following is taught: "The method of claim 15 further 
comprising, upon finding a request not meeting a condition, blocking said request 
(Green: column 7, lines 9-11)." 

As to claim 18, the following is taught: "The method of claim 15 further 
comprising, upon finding a request not meeting a condition, adding an entry to an event 
log (Green: column 7, lines 12-17; column 7, lines 36-40)." 

As to claim 19, the following is taught: "The method of claim 15 further 
comprising, upon finding a request not meeting a condition, alerting (Green: column 7, 
lines 9-11)." 

As to claim 20, the following is taught: "A method of screening for illegitimate 
Hypertext Transfer Protocol (HTTP) requests to a computer application (Green: column 
1, lines 6-9; column 2, lines 42-51; column 8, line 66 to column 9, line 4; column 14, 
lines 37-39; column 25, lines 1-5), comprising: screening an HTTP request with a rule, 
said role comprising a condition for fields or elements in a body of said request and a 
separate condition for Cookies of said request (Green: types of conditions disclosed in 
column 4, line 62 to column 5, line 37; enforcement or rules for types disclosed in 
column 2, lines 53-67; column 9, lines 2-34)." 

As to claim 21, the following is taught: "The method of claim 20 wherein said rule 
also comprises a condition for Universal Resource Identifier (URI) parameters of said 
request (Green: column 13, lines 16-67; column 26, lines 3-9)." 

As to claim 22, the following is taught: "The method of claim 21 wherein said role 
also comprises a condition for Methods of said request." 

As to claim 23, the following is taught: "The method of claim 22 wherein said role 
set also comprises a condition for an hyper-text transfer protocol (HTTP) version 
indicator of said request." 

As to claim 24, the following is taught: "The method of claim 23 wherein said role 
also comprises a condition for a URI format of said request (Green: column 13, lines 16- 
67; column 26, lines 3-9)." 

As to claim 25, the following is taught: "The method of claim 24 wherein said rule 
also comprises a condition for a Header of said request." 

As to claim 26, the following is taught: "A computer readable medium containing 
computer executable instructions which when loaded into a processor cause said 
processor to: screen a request with a rule having one of an existential condition; a 
statistical condition; and a complex universal condition (Green: column 3, lines 1-35; 
additionally see Green's teachings above with regard to claim 1)." 

As to claim 27, the following is taught: "A computer readable medium containing 
computer executable instructions which when loaded into a processor cause said 
processor to: screen an HTTP request with a rule, said rule comprising a condition for at 
least one of the following parts of a request: Headers; Cookies; HTTP version 
indicators; Universal Resource Identifier (URI) parameters; URI-encoded fields; 
multi-part encoded fields; Simple Object Access Protocol (SOAP) elements; URI format 
(Green: column 3, lines 1-35; additionally see Green's teachings above with regard to 
claim 15)." 

As to claim 28, the following is taught: "A screener comprising: an input for 
receiving requests; and means for screening a received request with a rule having one 
of an existential condition; a statistical condition; and a complex universal condition 
(Green: column 3, lines 1-35; column 1, lines 6-9; column 2, lines 42-51; column 8, line 
66 to column 9, line 4; column 14, lines 37-39)." 

As to claim 29, the following is taught: "A screener comprising: an input for 
receiving HTTP requests; and means for screening an HTTP request with a rule, said 
rule comprising a condition for at least one of the following parts of a request: Headers; 
Cookies; HTTP version indicators; Universal Resource Identifier (URI) parameters; URI- 
encoded fields; multi-part encoded fields; Simple Object Access Protocol (SOAP) 
elements; URI format." 

As to claim 30, the following is taught: "A method of screening for illegitimate 
Hypertext Transfer Protocol (HTTP) requests to a computer application (Green: column 
1, lines 6-9; column 2, lines 42-51; column 8, line 66 to column 9, line 4; column 14, 
lines 37-39; column 25, lines 1-5), comprising: screening an HTTP request with a rule, 
said rule comprising a condition for at least two of the following parts of a request: 
Headers; Cookies; Methods; HTTP versions; Universal Resource Identifier (URI) 
parameters; URI-encoded fields; multi-part encoded fields; Simple Object Access 
Protocol (SOAP) elements; URI format (Green: types of conditions disclosed in column 
4, line 62 to column 5, line 37; enforcement or rules for types disclosed in column 2, 
lines 53-67; column 9, lines 2-34)." 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure: Denker, U.S. Patent No. 5,958,053; 5,386,412; McKelvey, U.S. 
Patent No. 5,896,499; Schneier et al., U.S. Patent No. 7,159,237. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to STEPHEN SANDERS whose telephone number is 
(571)270-5308. The examiner can normally be reached on M - F; 7:30 a.m. - 5:00 p.m. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Frantz Coby, can be reached on 571-272-4017. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 



Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Stephen Sanders/ 
Examiner, Art Unit 4133 



/Frantz Coby/ 

Supervisory Patent Examiner 
Art Unit 4133 



